DOI: 10.1145/3372297.3417265
research-article

TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA

Published: 02 November 2020

Abstract

Intel SGX is a security solution promising strong and practical security guarantees for trusted computing. However, recent reports demonstrated that these security guarantees of SGX are broken by access pattern based side-channel attacks, including page fault, cache, branch prediction, and speculative execution attacks. To stop these side-channel attackers, Oblivious RAM (ORAM) has gained strong attention from the security community, as it provides cryptographically proven protection against access pattern based side-channels. While several proposed systems have successfully applied ORAM to thwart side-channels, they are severely limited in performance and scalability due to the notorious performance issues of ORAM. This paper presents TrustOre, which addresses the issues that arise when using ORAM with Intel SGX. TrustOre leverages an external device, an FPGA, to implement a trusted storage service within a completely isolated environment secure from side-channel attacks. TrustOre tackles several challenges in achieving this goal: extending trust from SGX to the FPGA without imposing architectural changes, providing a verifiably-secure connection between SGX applications and the FPGA, and seamlessly supporting various access operations from SGX applications to the FPGA.

We implemented TrustOre on the commodity Intel Hybrid CPU-FPGA architecture. We then evaluated it with three state-of-the-art ORAM-based SGX applications, ZeroTrace, Obliviate, and Obfuscuro, as well as an end-to-end key-value store application. According to our evaluation, TrustOre-based applications outperform the original ORAM-based applications by 10x to 43x, while also showing far better scalability than the ORAM-based ones. We emphasize that since TrustOre can be deployed as a simple plug-in to an SGX machine's PCIe slot, it can be readily used to thwart side-channel attacks in SGX, arguably one of the most cryptic and critical security holes today.

Supplementary Material

MOV File (Copy of CCS2020_fp245_HyunyoungOh - Brian Hollendyke.mov)
Presentation video



Published In

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
October 2020
2180 pages
ISBN:9781450370899
DOI:10.1145/3372297

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Intel SGX
  2. access pattern based side-channel
  3. hybrid CPU-FPGA
  4. secure storage


Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
